diff mbox series

[2/2] spdx-common: Add documentation for undocumented SPDX variables

Message ID 20251113184151.511039-3-stondo@gmail.com
State New
Series SPDX 3.0.1 documentation and bugfix

Commit Message

Stefano Tondo Nov. 13, 2025, 6:41 p.m. UTC
From: Stefano Tondo <stefano.tondo.ext@siemens.com>

Add missing [doc] strings for seven SPDX-related BitBake variables
that were previously undocumented in the spdx-common bbclass.

Variables documented:
- SPDX_INCLUDE_SOURCES: Control source file inclusion in SBOM
- SPDX_INCLUDE_COMPILED_SOURCES: Control compiled source inclusion
- SPDX_UUID_NAMESPACE: Namespace for UUID generation
- SPDX_NAMESPACE_PREFIX: URI prefix for SPDX documents
- SPDX_PRETTY: JSON output formatting control
- SPDX_LICENSES: Path to SPDX license mapping file
- SPDX_CUSTOM_ANNOTATION_VARS: Custom annotation variables
- SPDX_MULTILIB_SSTATE_ARCHS: Multilib sstate architecture list

This improves discoverability of these configuration options and
helps users understand how to customize SPDX/SBOM generation.

Signed-off-by: Stefano Tondo <stefano.tondo.ext@siemens.com>
---
 meta/classes/spdx-common.bbclass | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

Comments

Joshua Watt Nov. 13, 2025, 7:33 p.m. UTC | #1
LGTM, Thanks

Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>

On Thu, Nov 13, 2025 at 11:42 AM Stefano Tondo via
lists.openembedded.org <stondo=gmail.com@lists.openembedded.org>
wrote:
>
> From: Stefano Tondo <stefano.tondo.ext@siemens.com>
>
> Add missing [doc] strings for seven SPDX-related BitBake variables
> that were previously undocumented in the spdx-common bbclass.
>
> Variables documented:
> - SPDX_INCLUDE_SOURCES: Control source file inclusion in SBOM
> - SPDX_INCLUDE_COMPILED_SOURCES: Control compiled source inclusion
> - SPDX_UUID_NAMESPACE: Namespace for UUID generation
> - SPDX_NAMESPACE_PREFIX: URI prefix for SPDX documents
> - SPDX_PRETTY: JSON output formatting control
> - SPDX_LICENSES: Path to SPDX license mapping file
> - SPDX_CUSTOM_ANNOTATION_VARS: Custom annotation variables
> - SPDX_MULTILIB_SSTATE_ARCHS: Multilib sstate architecture list
>
> This improves discoverability of these configuration options and
> helps users understand how to customize SPDX/SBOM generation.
>
> Signed-off-by: Stefano Tondo <stefano.tondo.ext@siemens.com>
> ---
>  meta/classes/spdx-common.bbclass | 26 ++++++++++++++++++++++++++
>  1 file changed, 26 insertions(+)
>
> diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass
> index ca0416d1c7..6bd1b56d96 100644
> --- a/meta/classes/spdx-common.bbclass
> +++ b/meta/classes/spdx-common.bbclass
> @@ -26,17 +26,43 @@ SPDX_TOOL_VERSION ??= "1.0"
>  SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy"
>
>  SPDX_INCLUDE_SOURCES ??= "0"
> +SPDX_INCLUDE_SOURCES[doc] = "If set to '1', include source code files in the \
> +    SPDX output. This will create File objects for all source files used during \
> +    the build. Note: This significantly increases SBOM size and generation time."
> +
>  SPDX_INCLUDE_COMPILED_SOURCES ??= "0"
> +SPDX_INCLUDE_COMPILED_SOURCES[doc] = "If set to '1', include compiled source \
> +    files (object files, etc.) in the SPDX output. This automatically enables \
> +    SPDX_INCLUDE_SOURCES. Note: This significantly increases SBOM size."
>
>  SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
> +SPDX_UUID_NAMESPACE[doc] = "The namespace used for generating UUIDs in SPDX \
> +    documents. This should be a domain name or unique identifier for your \
> +    organization to ensure globally unique SPDX IDs."
> +
>  SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdocs"
> +SPDX_NAMESPACE_PREFIX[doc] = "The URI prefix used for SPDX document namespaces. \
> +    Combined with other identifiers to create unique document URIs."
> +
>  SPDX_PRETTY ??= "0"
> +SPDX_PRETTY[doc] = "If set to '1', generate human-readable formatted JSON output \
> +    with indentation and line breaks. If '0', generate compact JSON output. \
> +    Pretty formatting makes files larger but easier to read."
>
>  SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
> +SPDX_LICENSES[doc] = "Path to the JSON file containing SPDX license identifier \
> +    mappings. This file maps common license names to official SPDX license \
> +    identifiers."
>
>  SPDX_CUSTOM_ANNOTATION_VARS ??= ""
> +SPDX_CUSTOM_ANNOTATION_VARS[doc] = "Space-separated list of variable names whose \
> +    values will be added as custom annotations to SPDX documents. Each variable's \
> +    name and value will be recorded as an annotation for traceability."
>
>  SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}"
> +SPDX_MULTILIB_SSTATE_ARCHS[doc] = "The list of sstate architectures to consider \
> +    when collecting SPDX dependencies. This includes multilib architectures when \
> +    multilib is enabled. Defaults to SSTATE_ARCHS."
>
>  python () {
>      from oe.cve_check import extend_cve_status
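Review bot: the SPDX_CUSTOM_ANNOTATION_VARS[doc] string states that each listed variable's name and value is recorded as an annotation, but gives no caution about what should not be listed. Since the values end up in the SPDX documents, which are typically shared outside the build environment, suggest adding a sentence along the lines of "Do not list variables that hold credentials, tokens or internal URLs, because their values are written into the generated SPDX documents." The same kind of note would help on SPDX_INCLUDE_SOURCES[doc], which currently mentions only size and generation time and not that File objects are created for all source files, including those of proprietary layers.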
> --
> 2.51.1

Patch

diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass
index ca0416d1c7..6bd1b56d96 100644
--- a/meta/classes/spdx-common.bbclass
+++ b/meta/classes/spdx-common.bbclass
@@ -26,17 +26,43 @@  SPDX_TOOL_VERSION ??= "1.0"
 SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy"
 
 SPDX_INCLUDE_SOURCES ??= "0"
+SPDX_INCLUDE_SOURCES[doc] = "If set to '1', include source code files in the \
+    SPDX output. This will create File objects for all source files used during \
+    the build. Note: This significantly increases SBOM size and generation time."
+
 SPDX_INCLUDE_COMPILED_SOURCES ??= "0"
+SPDX_INCLUDE_COMPILED_SOURCES[doc] = "If set to '1', include compiled source \
+    files (object files, etc.) in the SPDX output. This automatically enables \
+    SPDX_INCLUDE_SOURCES. Note: This significantly increases SBOM size."
 
 SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
+SPDX_UUID_NAMESPACE[doc] = "The namespace used for generating UUIDs in SPDX \
+    documents. This should be a domain name or unique identifier for your \
+    organization to ensure globally unique SPDX IDs."
+
 SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdocs"
+SPDX_NAMESPACE_PREFIX[doc] = "The URI prefix used for SPDX document namespaces. \
+    Combined with other identifiers to create unique document URIs."
+
 SPDX_PRETTY ??= "0"
+SPDX_PRETTY[doc] = "If set to '1', generate human-readable formatted JSON output \
+    with indentation and line breaks. If '0', generate compact JSON output. \
+    Pretty formatting makes files larger but easier to read."
 
 SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
+SPDX_LICENSES[doc] = "Path to the JSON file containing SPDX license identifier \
+    mappings. This file maps common license names to official SPDX license \
+    identifiers."
 
 SPDX_CUSTOM_ANNOTATION_VARS ??= ""
+SPDX_CUSTOM_ANNOTATION_VARS[doc] = "Space-separated list of variable names whose \
+    values will be added as custom annotations to SPDX documents. Each variable's \
+    name and value will be recorded as an annotation for traceability."
 
 SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}"
+SPDX_MULTILIB_SSTATE_ARCHS[doc] = "The list of sstate architectures to consider \
+    when collecting SPDX dependencies. This includes multilib architectures when \
+    multilib is enabled. Defaults to SSTATE_ARCHS."
 
 python () {
     from oe.cve_check import extend_cve_status
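Review bot: in SPDX_INCLUDE_COMPILED_SOURCES[doc], the phrase "compiled source files (object files, etc.)" is ambiguous. It can be read either as the source files that were actually compiled or as build outputs, and the hunk does not show the code that consumes the variable, so neither that reading nor the claim "This automatically enables SPDX_INCLUDE_SOURCES" can be checked from the patch. Please confirm both against the class implementation and reword so the string says exactly which files become File objects. Separately, the commit message says seven variables while this hunk adds eight [doc] entries, matching the eight names in the message's own list; the count in the message should be corrected.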